htmlspecialchars is dropping characters

Question

I'm trying to use htmlspecialchars but it doesn't seem to be working. I'm using OSX 10.9.1 and PHP 5.4.17. I write:

var_dump(htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES, 'UTF-8'));
echo htmlspecialchars("<a href='test'>Test</a>", ENT_XHTML, 'UTF-8');

and get:

string '&lt;a href=&#039;test&#039;&gt;Test&lt;/a&gt;' (length=45)
<a href='test'>Test</a

Any ideas?

Let me guess, you're viewing the rendered HTML and not the actual source. Also, `var_dump` will encode entities in an HTML context, in essence, double-encoding your string for output. — Phil, Feb 09 '14 at 23:33

score 11 · Accepted Answer · answered Feb 09 '14 at 23:41

11

It works, but you expect something else.

The output is interpreted by your browser as HTML. You can get the plain output by setting the content type to plain or using a command line.

<?php

header('Content-Type: text/plain');

var_dump(htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES, 'UTF-8'));
echo htmlspecialchars("<a href='test'>Test</a>", ENT_XHTML, 'UTF-8');

answered Feb 09 '14 at 23:41

kelunik

6,750
2
41
70

3

...or by clicking "View Source" in the browser – IMSoP Feb 09 '14 at 23:48
@IMSoP you shouldn't always trust your browser's "view source". Firefox modified the source in some cases some time ago, I don't know if this is still so. – kelunik Feb 09 '14 at 23:53
True. A step up from *not* viewing the source, though :) – IMSoP Feb 09 '14 at 23:55
I did not know that I had to check the source or use text/plain. Thank to all. – Michel Lecomte Feb 10 '14 at 07:52
Just wanted to say thank you for this. I didn't know what was going on either and this helped me a bunch! :) – BxtchCraft Sep 12 '14 at 21:13

htmlspecialchars is dropping characters

1 Answers1